From 31fd10e60d12ae2e955de8651fa84aff016d719a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 22 Oct 2015 12:18:45 +0100 Subject: Fix DTLSv1_listen following state machine changes Adding the new state machine broke the DTLSv1_listen code because calling SSL_in_before() was erroneously returning true after DTLSv1_listen had successfully completed. This change ensures that SSL_in_before returns false. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte
---
 ssl/d1_lib.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'ssl/d1_lib.c')
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 087d6d2667..a6f06329a2 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -872,8 +872,11 @@ int dtls1_listen(SSL *s, struct sockaddr *client)
 */
 SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- /* Put us into the "init" state so that we don't get our state cleared */
- ossl_statem_set_in_init(s, 1);
+ /*
+ * Tell the state machine that we've done the initial hello verify
+ * exchange
+ */
+ ossl_statem_set_hello_verify_done(s);
 if(BIO_dgram_get_peer(rbio, client) <= 0) {
 SSLerr(SSL_F_DTLS1_LISTEN, ERR_R_INTERNAL_ERROR);
-- cgit v1.2.3
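Review bot: `ossl_statem_set_hello_verify_done(s)` is called before the `BIO_dgram_get_peer(rbio, client) <= 0` check, so when that lookup fails the SSL object appears to stay marked as having finished the hello verify exchange even though dtls1_listen reports an error. Since this function is the stateless cookie gate in front of the handshake, it would be safer to change state only once every failure path has been passed, for example by moving the call below the peer-address check. The new comment also drops the reason the old one gave; `/* Mark the hello verify exchange as done so that SSL_in_before() returns false and our state is not cleared */` would keep it. The error branch and the rest of dtls1_listen lie outside the hunk, so how the failure path unwinds needs confirming against the full function.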